GRUB2 is a modular, multiboot-capable bootloader for many operating systems.

GRUB2 is an ideal payload for coreboot. It's modular, extensible, supports booting off filesystems, and it has a scriptable shell. Our goal is to replace the common coreboot payload FILO with a coreboot-capable version of GRUB2.

in the .usb branch, provides an uhci driver and usb storage support. highly experimental at this time

Building a diskimage module

If you are using coreboot v2, the firmware image is not a LAR archive, as in coreboot v3. If you want to place files in the coreboot+grub2 image, you can still create a diskimage module and include it in your payload.

create a lar/cpio file

grub-mkdiskimage lar/cpio-file $GRUB2INST/lib/grub/i386/diskimage.mod

add diskimage.mod to your grub-mkimage call

Per default GRUB2 looks for a configuration file grub.cfg in the disk image. The path is

(memdisk)/grub.cfg

Checking Signatures

Currently the tools for crypto signature verification are not built automatically. To build them, run

$ cd libs/sigtools
$ make

Using sigtools

Create a key pair filename.pub and filename.sec with

$ genkeypair filename

Create a signature of candidate using keyfile.sec and save it as candidate.sig:

$ gensig keyfile candidate

Verification in GRUB2

Load /key.pub as public key and block access to all unsigned files with

$ load-pubkey /key.pub

Verify foo using the signature foo.sig, reporting success or failure and grant access to the file foo with:

This work was subsequently rejected by the GRUB project, and was eventually re-implemented by Robert Millan, one of the GRUB project members. The re-implementation lacks a couple of fundamental features. From this new base, more work was done.